Page 1 of 5 0 KBID10577 Connecting to Mimecast Congratulations and welcome to Mimecast! Thank you for making the choice to move your email management to the cloud with the Mimecast Unified Email Management (UEM) Service. Connecting to Mimecast is a relatively simple process, and is described below. To download this article as a PDF file, click this icon. What is Mimecast? Mimecast s UEM Platform provides a unified way to manage corporate email. Our service delivers industry leading tools for email security, archiving, continuity and policy controls, all delivered through a simple Software as a Service (SaaS) platform. Mimecast also provides integrations into applications such as Microsoft Outlook, Microsoft Exchange and Lotus Domino to enhance and extend the capabilities for your end users. For more information view this related article. What Happens Now? Once the commercial contracts are completed, our Connect Team will be in contact to begin your Mimecast implementation. We break the implementation down into several steps to keep it as simple as possible. Each of these processes is detailed later in this article, but for now, it is important to understand the key milestones of a move to Mimecast. Firstly, we collect some important information about your email environment, which will be used to create your account in the Mimecast service. This includes details on IP addresses and email domain names. We ask you to reconfigure your firewall, as well as setup a few extra pieces of local functionality, all of which are native to Active Directory or Domino Directory. Once your account is up and running and you have re directed outbound and inbound SMTP through Mimecast, we can begin some of the other tasks, such as historic archive migration and Mimecast administrator training.
Page 2 of 5 Understanding the Mimecast Infrastructure Mimecast is deployed and run from the cloud, utilizing a grid computing model that is capable of delivering an effective utility service to all our customers through a single, multi tenant service. The Mimecast service is comprised of many individual devices, located across a network of highly resilient data centers. Each customer s access to Mimecast is controlled through various layers that process web controls, security controls or email filtering and archiving. In terms of mail and web sessions, you will be allocated specific points of entry into the service and these points translate to MX records, disaster recovery login access and outbound SMTP routing. Our SaaS delivery model means changes to your network are kept to a minimum, with implementation of Mimecast following seven simple steps. For more information, view the related articles listed below: Security Systems Gateway Global Data Centers Email Encryption Guide Best Practice Guidelines What is the Connect Process? The Connect process is a series of steps that are required to implement Mimecast into your environment. These steps will ensure that your Mimecast account is configured with the company specifics required to process your emails and to use any of the additional Mimecast services. For more information on Mimecast and the available products and services, view the full article. Implementing Mimecast does not require any specialist software or services; we simply utilize the native functionality of your mail server and the local directory services. The Connect process is broken down into seven different steps. Note: Depending on the customer s requirements, various configuration changes will be required. For those who wish to utilize Mimecast s services such as Journaling (archiving all internal email) or Directory Synchronization (pulling all email address information), certain server and firewall updates will be required. Why do I need to complete the Connect Process? The Connect process ensures that the configuration changes are completed to the requirements of the organization. Each step is managed by the support Connect team, and detailed information is provided to the Technical Point of Contact (TPOC) for the organization in order to complete each step in the process. The process also enables Mimecast to create a reputation database for the customer account allowing for a smooth transition to Mimecast, and ensures that all configuration changes are made in an organized and secure manner. Note: Mimecast support team members will not have access to make changes to your infrastructure. Guidelines and documentation is provided at each step in the process to assist you to make the required configuration changes. If additional assistance is required, your Account Manager will also be able to provide you with a list of Mimecast Partners. How do I Connect to Mimecast? The Connect process is made of seven (7) steps, which are detailed below. Some steps in the Connect process do not apply to specific Mimecast Services. Implementation Considerations Before beginning the Connect process, it is important to consider the following: 1) Existing archived data: You may need to consider the export of historical emails that you currently archive, so that they can be Ingested into Mimecast 2) Existing services: As it may not be possible to export organization Policies from your existing email management service, it may be necessary to document or record the required Policies and settings that must be created in Mimecast. This will ensure that the same account behaviour will take place when email flow is moved to Mimecast. For more information on the specific Policies, view the related article.
Page 3 of 5 Connect Steps Connect Step Step 1: Request For Information (RFI) Description Once your order is processed by Mimecast, the Connect Team will email your nominated technical contact with an introductory email, explaining the process involved, including links to Mimecast documentation and Knowledge Base articles. This introductory email acts as a formal Request for Information (RFI), which asks you to provide us with items such as the public sending and receiving IP addresses and email domain names you wish to protect with Mimecast. A link to the online setup form is included in the introductory email; please note that it is important to get these details correct, as our Connect Team will create your account based on the details entered into the form. The setup form also asks for details of inbound form mail and forwarding addresses, i.e. anything external to your network that sends email on behalf of your domains. We need to know these details to make sure we prevent spam filtering on this email. External forwarding addresses also need to be specifically catered for. With the information gathered from the RFI, Mimecast support engineers will create an account for the organization's data and settings. A Connect Team member will review the information you provided in Step 1, and then will create your account and ensure that policies outlined in the Service Level Agreement (SLA) are created. These policies include: Step 2: Mimecast Account configuration Blocking dangerous file types Blocking or holding encrypted ZIP files or email components Spam detection Anti spoofing Manual exclusion folders created for Permitted Senders, Blocked Senders and Permitted Forwarders Note: Details of all the default policies are available in this related article. This is a standard part of our Connect process, and our team can review these policies with you at any stage of the implementation if required. Step 3: Routing Outbound emails Step 4: Recipient Validation and Journal Configuration Email routing begins through Mimecast for outbound emails first, and your firewall must be configured to allow access to Mimecast data centre IP ranges for SMTP on port 25. Once your firewall is configured, we will accept outbound email for delivery to the Internet, which is restricted to the internal domains that were sent to us as part of the RFI. This outbound only mode is usually run for several days so we can build a reputation of who your users email on a regular basis these are added as your trusted senders. Two SMTP connectors or smart hosts are required to direct outbound SMTP from your email server to Mimecast. We do this so you are fully protected by the resilience of Mimecast. Whilst you are in outbound only mode, we begin to setup the other network integrations into your network. The Connect Team will guide you through each of these and can provide the relevant Microsoft documentation if you need it. Recipient Validation or Directory Synchronization Mimecast s security model needs to make sure it only delivers email to valid email addresses for your business. For Microsoft and Lotus Domino users, we can integrate with the native Directory to synchronize information, such as email address and group structure. You can choose not to synchronize your directory structure, in which case we would need a list of active users for which to accept email. Mimecast communicates with your Directory to sync this data, and the relevant port (listed below) will need to be opened for communication on your firewall: LDAP TCP port 389 (non secure connection) LDAPS TCP port 636 (secure or encrypted connection)
Page 4 of 5 12/09/2013 Note: To encrypt the data you must install a certificate. Journaling Journaling allows Mimecast to capture all internal emails to be added to your archive in two ways: either using POP3 or via SMTP. If using POP3 Journaling, the relevant port (listed below) will need to be opened for communication on your firewall: POP3 TCP port 110 (non secure connection) POP3S TCP port 995 (secure or encrypted connection) Note: To encrypt the data you must install a certificate. Mimecast needs be the configured host for your MX records. In other words, Mimecast begins to accept and process mail before it is delivered to your network, as DNS records direct email to the Mimecast Service as part of the delivery over the Internet. The Connect Team will give you a set of DNS hostnames so you can request a DNS record (or zone file) update with your ISP. Step 5: Routing Inbound emails Note: Within a few days of the MX record update, please ask your ISP for acknowledgement that the old MX record host will no longer be able to receive on your behalf. This is particularly important for other hosted providers. One your MX records have been redirected, a Delivery Route is configured to deliver emails from Mimecast to your environment. As we approach the end of your Connect project, we require you to lock down your firewall. By this we mean that you are only accepting connections from the Mimecast data centre IP ranges. Step 6: Firewall Lockdown You could be exposing your mail server to Denial of Service attacks and spam email delivery if the firewall is not configured correctly. This is a common method that spammers utilize to bypass gateway security services. Please make sure you cancel any contracts with your previous email cloud security provider to prevent any disruption to your email flow before you complete your firewall lock down. Step 7: Completion and Additional Services Mimecast support engineers test the connections to the organization infrastructure, and complete the Connect process. Additional Mimecast services and applications can then be implemented. Note: For a list of Mimecast Hostnames, view the related Gateway article. Validation and Testing Mimecast is deployed to hundreds of customers each month. To ensure smooth deployment, the Connect Team runs a series of background tests at each stage of the Connect process. We recommend that you plan and provision your own acceptance testing for each stage of the Connect process. There is a test schedule in the appendix of this document, which provides the details of normal acceptance validation and test but does not take into account any specific infrastructure. Your Time as a Mimecast Customer How will Mimecast Support you? Mimecast offers a 24x7 helpdesk (depending upon your support contract) with different levels of SLA depending on your license. Our email savvy engineers are available, but most of the time you will not need our help as Mimecast s UEM Service is designed for self service. Day or night, you can configure Mimecast as you would any other system in your own network; it s all under your control. The Knowledge Base provides detailed articles, video tutorials, Troubleshooting, and even Release Notes for all Mimecast products and services.
Page 5 of 5 What about Upgrades? Once connected, your need to talk to us will reduce, but we are always working quietly in the background ensuring that your services operate optimally. As Mimecast provides a SaaS platform, the majority of what we do will go unnoticed to you and your users; of course we will notify you of any major upgrades or changes to the management interface. Unlike other platforms or LAN based applications, you won t need to do anything or worry about another upgrade again. What happens next? As a Software as a Service (SaaS) solution, it may not be necessary to deploy applications within the organization's infrastructure, but some configuration changes will be required. Once the Connect process is complete, you are able to make use of other Mimecast archiving and user services. For more information on the implementation of additional services, view the full article. The high level process is outlined below: Complete the 7 step process to configure your base services Initiate your Ingestion process Configure your Best Practice Policies Install and configure additional Server components, such as MSE Enable end users through the available Mimecast apps See Also: Request for Information (RFI) SMTP Journaling Directory Connections